
Buffer Overflow and Null Bytes


Posted on 28-06-10 18:05
This is probably a really dumb question, but I've searched for a while and couldn't find anything.

Anyway, if I'm trying to exploit a buffer overflow to change the return address of a function, but the address has a null byte in it, how would I get around that?

RE: Buffer Overflow and Null Bytes


Posted on 29-06-10 13:22
Don't think it's stupid, idk the answer. But then I'm no expert.
Is there no way you could use a different return address, like a non-direct route? Where is the null byte?

It's the only solution I can foresee.



RE: Buffer Overflow and Null Bytes


Posted on 29-06-10 15:10
I'm trying to change the return address to 004013ef

RE: Buffer Overflow and Null Bytes


Posted on 30-06-10 10:12
You can try a partial overwrite,

i.e. overwrite EIP with \xef\x13\x40 # little endian

But it also depends on the structure of the overflow, how much room you have and if you are able to get there. Keep in mind that with partial overwrites that's the end of your code, all needs to be done before that... no room after.




Edited by on 30-06-10 10:17
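An added example, not code from the thread: a simulated frame showing why the three-byte write described above ends up as 004013ef under a strcpy-style copy (the copy's own terminator becomes the high byte), why nothing placed after the address is copied, and how a length check stops the write. The 16-byte buffer, the frame layout, the starting slot value 0x00401234 and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BUF_LEN 16

/* Simulated frame (assumed layout, not a real stack): buffer, then return slot. */
struct frame { unsigned char buf[BUF_LEN]; unsigned char saved_ret[4]; };
/* Constructed starting state: slot holds made-up 0x00401234, little-endian. */
static void frame_init(struct frame *f) {
    static const unsigned char orig[4] = { 0x34, 0x12, 0x40, 0x00 };
    memset(f->buf, 0, BUF_LEN);
    memcpy(f->saved_ret, orig, 4);
}

static uint32_t ret_value(const struct frame *f) {
    return (uint32_t)f->saved_ret[0] | (uint32_t)f->saved_ret[1] << 8 |
           (uint32_t)f->saved_ret[2] << 16 | (uint32_t)f->saved_ret[3] << 24;
}

/* Models strcpy(buf, src): copies through the first NUL, no length check
 * (clamped to the simulated frame). Returns bytes written, NUL included. */
static size_t unbounded_copy(struct frame *f, const unsigned char *src) {
    unsigned char *dst = (unsigned char *)f;
    size_t i = 0;
    while (i < sizeof *f) {
        dst[i] = src[i];
        if (src[i++] == 0) break;
    }
    return i;
}

/* Mitigation: refuse input that does not fit in buf with its terminator. */
static int bounded_copy(struct frame *f, const unsigned char *src, size_t n) {
    if (n >= BUF_LEN) return -1;
    memcpy(f->buf, src, n);
    f->buf[n] = 0;
    return 0;
}

/* 16 filler bytes + the thread's three bytes; the literal's NUL is byte 20. */
static const unsigned char PARTIAL[] = "AAAAAAAAAAAAAAAA\xef\x13\x40";
/* Same, with the 0x00 written out and more data after it. */
static const unsigned char FULL_PLUS[] = "AAAAAAAAAAAAAAAA\xef\x13\x40\x00" "BBBB";

int main(void) {
    struct frame f;
    frame_init(&f);
    unbounded_copy(&f, PARTIAL);
    printf("slot=0x%08x\n", (unsigned)ret_value(&f));
}
```

With FULL_PLUS the copy also stops after 20 bytes, so the trailing "BBBB" never reaches memory; bounded_copy rejects both inputs and leaves the slot unchanged.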

RE: Buffer Overflow and Null Bytes


Posted on 30-06-10 16:04
And the partial overwrite worked. It turns out I was actually writing the return address into EBP instead of where I should as well as messing up the return address. Thanks.